Avast WEBforum
Other => General Topics => Topic started by: Chaswey on February 26, 2009, 11:40:16 AM
-
I'm running the free version of Avast 4 (with 7 providers).
I want to configure it so that I do not have unnecessary providers running.
Lots of posts on different forums suggest thet you do not need to run an e-mail scanner as your ISP should catch any viruses (although NOT in attachments). However, attachment viruses SHOULD be picked up by Avast anyway, shouldn't they? So I have disabled Internet Mail.
As I do not use Outlook/Exchange or Instant Messaging, I have also disabled these.
That leaves:
Network Shield
P2P Shield
Standard Shield
Web Shield
I think I understand Standard Shield (although what is "standard"?) and P2P Shield but what are the other two for?
Is Web Shield some type of anti-phishing/Link Scanner?
Network Shield? Some protection for a LAN or Intranet network?
Would be grateful for a breakdown/explanation of what each one does.
Thanks
-
-= based on what I know: [correct me if I am wrong]
-= Standard Shield --> resident shield.. a scanner running in background.. scans several ports..
-= Web Shield --> protection from internet spreading viruses
-= Network Shield --> [if I am not mistaken] for computers in a network..?
-= Internet Mail --> for e-mails
-= P2P Shield --> for P2P [Peer to peer transfers].. e.g. limewire, frostwire, utorrent.. Transfer of file from other pc to your pc
-= instant messaging --> IMs
-= Script Blocker --> for blocking malicious Java and many other format scripts..
-
For Internet Mail provider ... I could argue with
Lots of posts on different forums suggest thet you do not need to run an e-mail scanner as your ISP should catch any viruses
but the argument that is better to never let a virus into email database to begin with rather than catch it later and risk the antivirus product deleting your entire email database may not change your mind. Nevertheless, please read this post (http://forum.avast.com/index.php?topic=41008.msg343952#msg343952) for an added value of this provider.
-
Thanks for your reply.
I notice that you mention "Script Blocker". In my version (4) this has been replaced by Outlook/Exchange.
Yes, I suppose Network Shield speaks for itself. As I am not connected to a computer network, I'll disable this.
Web Shield? Not too sure about this. Would have thought the Resident Shield (Standard Shield) would have picked this up. That's what makes me think it's some type of Link Scanner. I find link scanners a pain as they are only as good as the latest database (which is always out of date).
-
The avast Webshield is not a link scanner; it is a comprehensive scanner of your Internet accesses ... including finding viruses in code/data downloaded during your Internet surfing. Again, prevention being better than cure.
You are connected to a computer network ... the Internet ... the Network shield provides defense against attempts to exploit your system from the Internet and (yes, as you say only as good as the database ... but better some defense than none) to block accesses - with a warning - to known malware sites.
-
Thanks alanrf.
Take your point about e-mail scanning. Also, that the providers don't use much resources.
I do use P2P occasionally so I guess I'll just disable IM and Outlook/Exchange. Thanks again
-
If you got Home then you dont got script blocker its only in the Avast Pro u got it
-
Hi, Chaswey. Avast works well for me without Web Shield or Internet Mail protection. I'm the only user on this PC and I practice safe hex. I'm using these providers.
- Instant Messaging
- Network Shield
- P2P Shield
- Standard Shield
Of course the Standard Shield is essential.
-
Alan Baxter,
Publishing opinions is very easy and perfectly reasonable, but they are just opinions and not backed up by any rationale.
avast provides a number of protective providers ... they are low in resource consumption and there are very clear reasons for not using some if they are not applicable (like IM if the avast user does not use any Instant Messaging services). What technical analysis of yours supports the advice to fail to use the Webshield or the Internet Mail provider (for users of email clients)?
-
What technical analysis of yours supports the advice to fail to use the Webshield or the Internet Mail provider (for users of email clients)?
- Web Shield. It's not necessary, so I choose to avoid the load and complexity added by its HTTP proxy implementation.
1) From avast! - help: resident protection, Web Shield - Provider Settings
avast! will prevent the infection thanks to its Standard Shield provider (which scans all files that you start of open).
2) Firefox 3 scans all downloaded files with Avast
Web Shield does provide other features available through its Settings, but I don't use any of them.
- Internet Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm
-
Web Shield. It's not necessary, so I choose to avoid the load and complexity added by its HTTP proxy implementation.
Sorry .. but again this is an opinion and your technical backup is .... ?
2) Firefox 3 scans all downloaded files with Avast
What makes you believe this fallacy?
As for Internet Mail, again, you are welcome to believe any unsubstantiated posting on the Internet ... as you appear to. I know avast ... (forgive my presumption but I dare to think that I may yet still know it a little better than you). If this article is your evidence ... well let's say it is just not convincing.
As to load .. .what load? These providers are low resource and is not some defense better than none ... is not prevention better than cure?
Let's continue the debate.
-
Standard Shield, Network Shield and Web Shield. These are the basic ones for optimal protection.
Since i don't use POP3 mail i also have Internet Mail provider, but i have its heuristics set to extreme sensitivity. So if only one mail is being sent through SMTP on my PC, avast! will jump up.
Great proactive protection against mass mail worms.
-
@ Alan Baxter
Well I don't know of what complexity you talk of with the web shield proxy, it is transparent in newer OSes with no input required of the user. Load is negligible in both RAM and CPU with modern systems with GB+ of RAM and fast CPU, but even with lower performance PCs it isn't a huge drain. If RAM is a factor then it is cheap and will improve overall system response.
It is by far better to keep malware off your system, rather than have to actually try to remove it when it is on the system, IMHO, but that's just another opinion.
Whilst firefox 3 has introduced scanning of downloads, it also stated it doesn't work with all AVs and guess what, it 'doesn't' work with avast as it clearly hasn't got a clue about what executable (ashquick.exe) to use and nor does it have anywhere to input the executable.
The Internet Mail provider when set to High, could be your first indication that you have an undetected or hidden spam bot on your system.
There are times when what you post on here is going to be read by someone with little knowledge and that could put them at risk, you only have to look at the rash of infected/hacked web sites to see just how valuable the web shield is.
-
Hi, David. Sorry to take so long getting back to you, but life beckoned.
Thank you for your detailed, informative reply. I especially appreciate your opinion, the facts you provide, and, I hope, the willingness to try to understand where someone else is coming from. If I may, I'd like to clarify some things and ask some followup questions in my response.
Well I don't know of what complexity you talk of with the web shield proxy, it is transparent in newer OSes with no input required of the user. Load is negligible in both RAM and CPU with modern systems with GB+ of RAM and fast CPU, but even with lower performance PCs it isn't a huge drain. If RAM is a factor then it is cheap and will improve overall system response.
Perhaps it wasn't clear, but both of my previous posts were about how I personally use Avast, and, in response to alanrf's request for justification, why I choose to use Avast this way. That's why I said I'm the only user of this PC, and, more importantly, that I practice safe hex. My PC is a nine year old 600MHz PIII machine with 1GB RAM on fully patched Windows XP SP3. As you can see, I've got plenty of RAM, which is confirmed by the Task Manager and a third-party page file monitor. My CPU is slow enough that page loading and rendering is severely CPU bound for non-trivial web pages. Hence my avoidance of any additional CPU load caused by the Web Shield. (No matter how small. I didn't measure it.)
I wasn't referring to complexity of Web Shield's setup, which does appear to be completely transparent to the user. I meant bugs and false positives, no matter how few, which are introduced by any additional layer of software. I usually reduce my exposure to these issues by limiting myself to software which provides functionality I need and features I find desirable. Since the Avast documentation indicates Web Shield blocks only the same malware that Standard Shield would intercept, I feel just as safe without it. It's possible I might feel differently if I actually downloaded malware occasionally, but the fact of the matter is I never have. None of the AVs I've used have ever found malware on my PC, except for eicar test files and false positives. Safe hex is my belt and Standard Shield is my suspenders if my belt ever breaks.
It is by far better to keep malware off your system, rather than have to actually try to remove it when it is on the system, IMHO, but that's just another opinion.
I don't have any experience with that, so I defer to your opinion. It sounds like Web Shield would help keep malware from ever getting saved to disk, but wouldn't a routine scan detect the download and remove it? There's no danger of actually getting infected, because Standard Shield will prevent any malware Avast has in its database from executing. Right? I'm not advocating that using Web Shield is a foolish waste, rather I'm trying to understand if it's essential for me.
Whilst firefox 3 has introduced scanning of downloads, it also stated it doesn't work with all AVs and guess what, it 'doesn't' work with avast as it clearly hasn't got a clue about what executable (ashquick.exe) to use and nor does it have anywhere to input the executable.
Aaack! The Firefox 3.0.6 Downloads window says something like "Scanning for viruses...", but you say that it isn't! I verified it doesn't load ashquick.exe with the Task Manager. I don't like Firefox misleading me like that, but the Standard Shield does scan the test virus file eicar.com as soon as an attempt is made to write it to disk, either by Firefox or my third-party download manager. Avast is the only AV installed on my PC. Is Firefox lying to me? Apparently IE7 doesn't automatically scan downloads either, but at least it doesn't seem to be claiming it does. No matter. I usually us a third-party download manager anyhow.
Edit: I've confirmed the erroneous and misleading "Scanning for viruses..." message in Firefox 3 in Mozilla Bug 461989 (https://bugzilla.mozilla.org/show_bug.cgi?id=461989).
The Internet Mail provider when set to High, could be your first indication that you have an undetected or hidden spam bot on your system.
Why's that? Shouldn't Avast detect the spam bot's exe as malware and prevent it from running? OK, let's suppose this is a case where the bot isn't in Avast's database. I expect my personal firewall would detect an attempt to make an unauthorized Internet connection.
Anyhow, once you've allowed malware to actually execute on your system, isn't it pretty much "game over"? I'm probably being overly pessimistic here. I haven't had the experience with successfully repairing compromised systems you may have.
There are times when what you post on here is going to be read by someone with little knowledge and that could put them at risk, you only have to look at the rash of infected/hacked web sites to see just how valuable the web shield is.
According to my understanding of the Avast docs, the Standard Shield should prevent any malware from being executed that Web Shield would have caught being downloaded. Am I mistaken here? Have you run across any actual cases where Standard Shield allowed malware to run that Web Shield would have stopped? In any event, I'll leave the Avast configuration advice up to those of you that have more experience lending this assistance. I was just telling my story.
Just one more question. I haven't disabled the IM provider, even though I never use IM. (I barely know how to spell it.) I verified I don't use any of the programs in the IM settings dialog. But the Instant Messaging details page reports 205 scans in the last hour. The last scanned is D:\Documents and Settings\Alan Baxter\Local Settings\Temporary Internet Files\Content.IE5\TLOT839l\indexCAPWRRU6.htm. What is it scanning if I'm not using IM? Feel free to spank me and send me back to the FAQ if I've overlooked this issue there.
Edit: Added Mozilla Firefox bug report.
-
-= its still more recommendable to leave all providers running.. well, avast is a light antivirus so a few drop in speed wont sacrifice your enjoyment while using pc..
-
-= its still more recommendable to leave all providers running.. well, avast is a light antivirus so a few drop in speed wont sacrifice your enjoyment while using pc..
I feel the same...
-
I agree with you chronoboi001 and Tech.I have all running all the time.Better safe than sorry.I can understand some users that are not on broadband reducing some resources though.Its a case of horses for courses. ;)
-
***
I am on dial-up and have all providers running except for one ... Outlook/Exchange provider since I do not have either. I have no problems while running the others even on dial-up. My system is not new neither, being 5 years old a little later this year.
***
-
I agree with you chronoboi001 and Tech.I have all running all the time.Better safe than sorry.I can understand some users that are not on broadband reducing some resources though.Its a case of horses for courses. ;)
Your connection has nothing to do with resources used other than the providers you actually require for the programs you use to provide protection.
I too am a dial-up user and I only use 4 providers, because I don't require the others as I don't use P2P applications (totally out of the question on dial-up), I don't use Instant Messaging (never felt the need) nor do I use MS Outlook, only Outlook Express, so I don't need the Outlook Exchange provider.
I don't notice any impact using either the network or web shields, the network shields resource use is negligible and the web shield's is relatively low, but that is the one doing the most work outside of the standard shield.
So if there are some shields that are specifically for different functions, like P2P or IM and MS Outlook, then if you don't use any of those applications, then you don't need the associated shield (Terminate it).
-
-= Yahoo! Mail has a web scanner so there are less possible virus intrusions that's why many people shut down their email scanner.. Moreover, IMs have gotten more secured nowadays.. Files being received thru IMs are scanned by avast [or manually scanned by the user itself] that's why many turns off the IM Shield too..
-= I guess they've got a point with that..
-
Me all is running excepted for two which i didnt need its p2p and outlook so its the way for the user to configure his Anti Virus
-
-= Yahoo! Mail has a web scanner so there are less possible virus intrusions that's why many people shut down their email scanner.. Moreover, IMs have gotten more secured nowadays.. Files being received thru IMs are scanned by avast [or manually scanned by the user itself] that's why many turns off the IM Shield too..
-= I guess they've got a point with that..
To me that doesn't provide a good reason to shut down email scanning. The Internet Mail provider I would say should not only be enabled but set to High sensitivity. With it set to High there is a function in the Heuristic settings which could detect multiple emails sent from your system in a given time. This may be your first indication that your system has a hidden/undetected spambot on your system.
These spambots, don't need to use your email client (even if you don't have one) as they usually come with their own very small SMTP client so it doesn't need anything on your system, just your connection.
IMs have got more secure, you only have to browse the forums to see that doesn't appear to be the case and again a second opinion never hurt anyone.
-
-= Is Frostwire included in the monitored programs in P2P shield..?
-
You only need to check the list of supported P2P applications (P2P Shield, Customize) to see it isn't on the list, so no it isn't monitored.
-
-= Sadly, it wasn't on the list..
-= But I heard that Frostwire is from Limewire itself.. So maybe, Frostwire is detected as Limewire..
-= Am I making sense..? Huh..? I just want to know if I have to scan files manually to prevent intrusions..
-= Thanks for the help..
-
Even coming from Limewire is no guarantee it would be recognised as limewire, from the same P2P provider detailed view you should see the last scanned and scanned count fields change if it is indeed being scanned, but I doubt that is the case.
If frostwire has a means of having your AV scan the final downloaded file (many p2p programs do) then enter C:\Program Files\Alwil Software\Avast4\ashQuick.exe, which would then scan the downloaded file.
-
-= I'll tell it to my cousin right away..